Security Basics mailing list archives
Re: Antivirus- A Corrective Control?
From: Todd Haverkos <infosec () haverkos com>
Date: Wed, 10 Aug 2011 11:54:21 -0500
kartik.netsec () gmail com writes:
> Hi, I have a confusion whether Antivirus is a Preventive control or a Corrective control? I am preparing for CISSP and somewhere I have read that AV is a corrective control. I somehow disagree with this point. I believe AV can only be a corrective control if the machine (without AV) gets infected and then AV software is installed on it. On the other hand, a machine already having an AV installed should be taken as a Preventive control. Any inputs please?

What makes intuitive sense and what ISC2 considers the correct answer may not intersect. Such is the problem with certifications/exams.

#include <the_usual_long_meandering_battle_over_certification_worth.h>

Logically, though, AV can surely be argued for as a

  o preventive (in the 30-some% of the time where it actually detects and blocks malware before it runs),
  o corrective (when it can clean an infection it doesn't detect before infection perhaps due to signature lag, but does find on a retrospective full scan),
  o detective (tells you about the 1 thing it knows about so you can scrutinize the host and maybe find the 4 other things it's infected with that it didn't know about)

control.

AV can also be thought of as a "mandated by audit drivers control" or simply a "theatrical control." But that's me failing to resist the urge to be snarky with respect to AV's efficacy in preventing malware infections these days.

As for what ISC2 wants on such a question, I must defer, though. A more CISSP focussed forum might give more/better/more current answers than this list if you don't get what you seek here. Ethicalhacker.net has a CISSP board.

Best Regards,
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/